When people need to save a password or any other type of sensitive information in an iOS app I see them way too often just storing it in plain text in the NSUserDefaults. This is bad bad bad. Some other times people will try and implement their own encryption or ciphering to hide the real information, but there is no need. From OS X, the iOS implements the keychain. This is Apple’s way of storing things securely for you, and it’s dead easy so there’s no need to store things insecurely.
If you have ever needed to store a password or other sensitive data in an iPhone app, you have probably used Keychain Access, Apple’s solution to storing data securely. You have also probably used Apple’s KeychainWrapper class, offering a very easy wrapper to storing info in the keychain.
The KeychainWrapper worked well in debug mode, but when building for release it didn’t seem to be writing objects to the keychain. I was fumbling around with this for hours, going over my own code thinking I had made a mistake somewhere. In the end I figured out what the problem was, in Apple’s code for KeychainWrapper the actual line that executed the commit to the keychain was inside an NSAssert, which is used for development, but as soon as you build for release or distribution every NSAssert is nullified, giving the same effect of commenting out anything on that line, removing the keychain commit code.